Privacy and Anonymity

FrenchDeepWeb edited this page Jun 16, 2021 · 9 revisions

A Primer on Privacy, Anonymity and Security

Cyberspace is dangerous. There are powerful entities out there who are willing to exploit you! To protect yourself effectively, you need to understand the fundamental difference between being private and being anonymous. TL;DR:

Being private:

Your adversaries do not know what you are doing, but they might know your real identity.

Being anonymous:

Your adversaries do not know your real identity, but they might know what you do.

Trust: the Ultimate Exploit of them All.

When you connect to ssh.chat (or any other public server), you are trusting that the server is not malicious. A malicious server can easily compromise you (see below) and can easily gather a lot of data about you. If you are not comfortable with the assumption that what you say, who you connect with, what operating system/client you are using and what IP address you use to connect may be published by the server admins, you should host your own server and use that.

The SSH Protocol and Anonymity

SSH is not designed to preserve user privacy and anonymity by default. Below are some features and behavior that could uniquely identify you while connecting to an ssh-chat server or when you are using ssh in general:

Specific Issues when Connecting to an ssh-chat Instance

By default, some environment variables are sent by your client and read by the ssh-chat server. This can be used to uniquely identify a user connecting to a server even if you use methods to hide your IP address.

The following *nix environment variables are sent to and read by the server:

$TERM:

The type of terminal you are using. This is used to check if your client supports ANSI escape characters and color themes. It can be used to identify what operating system you are using and what terminal you are using.

$USER:

Your current local username. This is sent and read by the server to set your display name. It might leak your real identity or the alias associated with the username, leading to further disclosure if the alias has been reused.

Problematic Features in the OpenSSH Client

Some features that are likely to be enabled by default in the OpenSSH client used by Linux distributions:

ssh-agent:

ssh-agent will try all of your ssh identity keypairs found in $HOME/.ssh/ and any other directory that you configured to store ssh identities. A malicious server can log the identities sent by the ssh client to uniquely profile a user.

PKCS11Provider:

Same issue as ssh-agent, but with PKCS11 Identities.

ForwardAgent:

Forwards your local connection to your authentication agent over the ssh tunnel. A malicious server can use this to attack your local machine.

ForwardX11:

Redirects X11 connections over the ssh tunnel. THIS IS DANGEROUS as any remote user that can bypass file restrictions can access your local X11 display! A malicious server or any server operating in a hostile environment can attack your local machine!

SSH Client Version String:

Your client version string is sent in cleartext. Eavesdropping adversaries and the server will likely know what OS you are using and gain more information on your operational setup by looking at the version string.

Mitigations

OpenSSH:

To stop your OpenSSH client from sending all available pubkeys on your computer, and to disable other problematic features, do the following:
1: Copy and paste the following codeblock at the end of your ssh_config file:

Host *
    IdentitiesOnly yes
    ForwardX11 no
    ForwardAgent no
    GSSAPIAuthentication no

2: Avoid creating any of the following keys, and rename any that already exist:

$HOME/.ssh/identity
$HOME/.ssh/id_rsa 
$HOME/.ssh/id_dsa 
$HOME/.ssh/id_ecdsa 
$HOME/.ssh/id_ed25519 
$HOME/.ssh/id_xmss
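
To check that the settings above took effect, OpenSSH can print the configuration it would actually use for a host with ssh -G. The script below is an added example, not part of the original page or the ssh-chat project: it reads that output and reports any value that differs from the mitigation block, a login name equal to your local username, and an identity list with more than one entry. The function names, the sample output and the host chat.example.org are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit what `ssh -G <host>` reports as the effective client
# configuration. Real use:  ssh -G <alias> | audit_ssh_config
# $1 (optional) is the local username to compare with; defaults to $USER.
audit_ssh_config() {
    awk -v me="${1:-${USER:-}}" '
        BEGIN {
            # Values from the mitigation block on this page.
            want["identitiesonly"] = "yes"
            want["forwardagent"] = "no"
            want["forwardx11"] = "no"
            want["gssapiauthentication"] = "no"
        }
        { key = tolower($1) }
        (key in want) && $2 != want[key] {
            printf "WEAK %s=%s (want %s)\n", key, $2, want[key]
        }
        # The SSH login name becomes the ssh-chat display name.
        key == "user" && $2 == me {
            printf "LEAK user=%s matches local username\n", $2
        }
        # Every identityfile line is a key path the client may try.
        key == "identityfile" { n++ }
        END {
            # Several entries usually mean the default key list is in effect.
            if (n > 1) printf "NOTE %d identity files may be offered\n", n
        }
    '
}

# Constructed sample of `ssh -G` output (not captured from a real system).
sample_ssh_G() {
    cat <<'EOF'
user alice
hostname chat.example.org
forwardagent yes
forwardx11 no
gssapiauthentication yes
identitiesonly no
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519
EOF
}

# Demo on the sample, pretending the local username is "alice".
sample_ssh_G | audit_ssh_config alice
```

No output from audit_ssh_config means nothing was flagged for that host.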

Explanation:
TODO

Sources Referenced:

List of Default keys and Disable SSH Agent from sending keys:
https://serverfault.com/questions/139870/stop-ssh-client-from-offering-all-the-public-keys-it-can-find/515214#515214
Dangerous features to enable in OpenSSH Client while connecting to servers:
https://unix.stackexchange.com/questions/106595/myth-or-reality-selinux-can-confine-the-root-user

Use Tor to hide your IP address or to access a Tor onion service host:

  • Install Tor and netcat on your computer:

Follow the official Tor documentation to install Tor:
https://support.torproject.org/apt/#apt-1

Then use your package manager to install netcat:

apt install netcat-openbsd

  • Create a config file in $HOME/.ssh:

touch $HOME/.ssh/config

Edit the config file and put this inside:

Host <alias>
    hostname <hostname.onion>
    ProxyCommand /bin/nc -X 5 -x 127.0.0.1:9050 %h %p 
    user <username> 
    IdentityFile </path/to/your/key>

Then you can connect to the onion host with the command:

ssh <alias>

You are now connected to the onion chat server at <hostname.onion> with the username <username> using the key <path/to/your/key>.

Don't forget to follow the recommendations in the Mitigations section to stay safe.

Page TODO:

  • Explain Threat modeling
  • Link to opsec resources
  • Investigate and finish mitigations section
  • Investigate other ssh clients
    • PuTTY
    • macOS
    • Windows ssh client
  • Investigate openssh client features
    • read ssh manpage
    • read ssh_config manpage
  • Word ForwardX11 and ForwardAgent better